This week I’m attending the 2015 FIRST Conference in Berlin (www.first.org) to co-chair a meeting of the newly chartered Vulnerability Coordination SIG. This SIG was born out of issues such as Heartbleed, which highlighted the need for a multi-faceted solution to the difficult challenges of vulnerability coordination across a diverse, global stakeholder community. ICASI recognized the need for change and also recognized that FIRST, with its global reach and diverse membership, was an ideal forum to work on this challenging issue. And here we are this week, kicking off the Vulnerability Coordination SIG with an in-person meeting in Berlin! We will be meeting to discuss our draft goal and deliverables below:
SIG Goal: Develop and execute a strategy for improving vulnerability coordination globally
- Develop and Publish a common set of “coordination principles”
- Develop and Publish vulnerability coordination best practices, which include use cases or examples that describe scenario and disclosure paths
- Collate and Publish a compendium of coordination resource documents
- Review and Recommend methods for reporting/updating coordination directories [finding a contact (maybe a directory – a trusted contact)]
How about that for a draft set of goals? It will be a lot of work, but I think the timing is right to tackle this important issue and see if we can find common ground on vulnerability coordination across the stakeholder communities. We had a great pre-Berlin Conference meeting a few weeks ago, and at this Thursday’s kickoff we will roll up our collective sleeves and start the hard work.
For more information on the Vulnerability Coordination SIG check out: http://www.first.org/global/sigs/vulnerability-coordination
Brian Willis is Manager, Threat Intelligence and Infrastructure Protection, for Intel. He is the chairman of the Coordination Working Group within ICASI, and the co-chair of the new Vulnerability Coordination SIG in FIRST.